The biggest “DeFi” “hack” ever was on the Poly Network across multiple chains that amounted to $600M in value. The smart contract was obviously flawed and had a bug which the “hacker” was able to exploit. I don’t really like calling these people hackers because in a sense, they’re doing something that any good lawyer would do with a normal contract. That is, looking through the terms of the contract for advantages they can get. A lot of the media treat this perfectly legal execution of the contract as something that was sinister when it’s really a flaw with the complicated smart contracts themselves. There wasn’t a server that was hacked into, or keys stolen from someone. There was simply an overlooked, badly-coded clause in the smart contract that was executed.
In a smart contract, code is supposed to be law, so to call this person a hacker is dishonest. It’s a person that executed the contract in a way the designers of the smart contract didn’t expect. This is just a terribly managed project and the blame is entirely on the developers and the poor-quality platform that made such mistakes so easy to make.
The insecurity of smart contracts in a poorly designed language like Solidity isn’t the thing I want to write about, however. The more interesting thing here is that the “hack,” which was nominally worth $600M, was settled as a $500,000 bug bounty. What happened, and how was it that the “hacker” settled for so little?
Shortly after the disaster, the Poly network sent out a tweet to ask for the money back as can be seen above. What is very interesting is the embedded threat that “you will be pursued.” Again, this was a legal execution of the contract so it’s not at all clear that the authorities would be pursuing this person, but the threat apparently had teeth. Why?
The key is the next sentence about not doing any further transactions. This was because the Polygon developers essentially got the cooperation of miners and exchanges to completely censor this one address.
For all their talk of decentralization, a centralized organization was able to block a user from spending. In other words, Ethereum and Binance are centralized chains. You do not own these coins as much as have access to them with the central controllers’ permission.
This was done through choking liquidity. Surely, the “hacker” could have sold the coins peer-to-peer and possibly even mined the transaction, but it would have been extremely annoying to anonymize and would not have gotten the same price as the “untainted” coins. That the settlement was for $500k tells you that coins that the centralized organization disapproved of are worth less than 0.1% of the coins that are approved. Another way to look at it is that over 99.9% of the value is dependent on a trusted third party.
In essence, this “hack” proves that altcoins, for all their talk of decentralization are decentralized in name only (DINO) and are utterly centralized in everything that matters. This means there are significant risks both internal (embezzlement, inflation, censorship) and external (regulations, forced takeover, taxes). In other words, these are fragile projects and dependence on them is an enormous risk.
BitMex Research has published a privacy-preserving proof-of-liability. The protocol uses a Merkle Tree of all user accounts, which can be looked up using a nonce given to each user. The amounts are put in the clear so that users can add them up to see the liabilities. The innovation is splitting the amounts to two or more different nodes in the Merkle Tree. This preserves privacy better as a particular amount being seen in the Merkle Tree cannot be used to track users over time. Sadly, proof-of-liability is not very common in the industry with CoinFloor being one of the few exceptions. I hope a better protocol like this gets users to demand them from exchanges going forward.
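The scheme described above can be sketched in a few functions. This is an added example, not BitMEX Research's code: the HMAC-based leaf tag, the three-way split, the leaf encoding and the sample accounts are all assumptions made for illustration.

```python
import hashlib, hmac, random

def h(prefix: bytes, *parts: bytes) -> bytes:
    # Domain-separated SHA-256: 0x00 for leaves, 0x01 for internal nodes.
    return hashlib.sha256(prefix + b"".join(parts)).digest()

def leaf_tag(nonce: bytes, i: int) -> bytes:
    # Only the holder of the nonce can recompute the tags of their leaves.
    return hmac.new(nonce, i.to_bytes(4, "big"), hashlib.sha256).digest()

def split_amount(amount: int, parts: int, rng) -> list:
    # Random positive chunks that sum to `amount` (requires amount >= parts).
    cuts = sorted(rng.sample(range(1, amount), parts - 1))
    return [b - a for a, b in zip([0] + cuts, cuts + [amount])]

def build_leaves(accounts: dict, parts: int, rng) -> list:
    leaves = []
    for nonce, balance in accounts.values():
        chunks = split_amount(balance, parts, rng)
        leaves += [(leaf_tag(nonce, i), c) for i, c in enumerate(chunks)]
    rng.shuffle(leaves)  # leaf order must not reveal which chunks belong together
    return leaves

def merkle_root(leaves: list) -> bytes:
    level = [h(b"\x00", tag, amt.to_bytes(8, "big")) for tag, amt in leaves]
    while len(level) > 1:
        nxt = [h(b"\x01", level[j], level[j + 1]) for j in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote the odd node; never duplicate it
        level = nxt
    return level[0]

def user_check(leaves: list, nonce: bytes, parts: int):
    # Balance the published leaves hold for this nonce, or None if a leaf is missing.
    published = dict(leaves)
    tags = [leaf_tag(nonce, i) for i in range(parts)]
    if any(t not in published for t in tags):
        return None
    return sum(published[t] for t in tags)

def total_liabilities(leaves: list) -> int:
    return sum(amt for _, amt in leaves)

# Constructed sample data: name -> (nonce, balance in satoshis).
ACCOUNTS = {"alice": (b"nonce-a", 150_000), "bob": (b"nonce-b", 42_000), "carol": (b"nonce-c", 9_000_000)}
# A fixed seed keeps the demo reproducible; a real exchange would use a CSPRNG.
LEAVES = build_leaves(ACCOUNTS, 3, random.Random(7))
ROOT = merkle_root(LEAVES)
```

Each user runs `user_check` with their own nonce against the published leaves and compares the result to their account balance, while anyone can run `total_liabilities` and recompute `ROOT` to confirm the exchange committed to that exact leaf set.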
Samurai Wallet has published parts 3 and 4 of the understanding privacy series. These two articles are, again, very informative, and they go through the difference between PayJoin and CoinJoin, techniques for defeating traditional analysis and the general starting point problem. If you’re interested in privacy, this is not a bad place to start.
Craig Warmke of Atomic Finance explains DLCs. The post goes through what motivated the development of DLCs. As they say, this is a useful tool to make sound finance available in Bitcoin. The usage of oracles in DLCs is essentially the only single point of failure and there are incentives available to get them to tell the truth. The article is useful for understanding this whole area of Bitcoin that’s coming in more layman’s terms.
Jeremy Rubin has started a fairly controversial proposal to remove the dust limit in Bitcoin. The behavior of the current software is to consider outputs less than 546 satoshis as spam. His reasoning is that there are other uses for outputs such as colored coins protocols, lightning and authentication/delegation. A lot of developers are pushing back, some even suggesting a higher limit than the current one. This is not a consensus issue, so it will be interesting to see how this gets resolved.
Blockstream has implemented a way to advertise a willingness to do dual-funded channels called liquidity ads. There’s no way before this to know which other nodes would accept dual-funded channels, so advertising what you would accept ought to be very useful for the network. This is part of the c-lightning release 0.10.
Lightning address is a way to make Lightning more user friendly. This is a clever use of the DNS system to host your own lightning node from a domain you control. Addresses ought to be a lot easier to use, but there is a tradeoff in privacy since your domain has to be registered with someone and that can compromise your privacy.
RedPhone is a lightning-based phone service. You can connect to another lightning node over the peer-to-peer network to establish a WebRTC connection. The software allows you to have pay-per-minute services and so on, which you would expect given that Lightning allows for such payments. This is a clever use of Lightning and I hope more services like this pop up.
Economics, Engineering, Etc.
Alex Gladstein writes about how Bitcoin is being used in Cuba. What’s amazing is how organic the growth there has been and how oppressive Cuba currently is. The fact that Cubans are using Bitcoin to subvert their government is encouraging and perhaps there is a better future ahead in that very authoritarian country. As usual, Alex’s longreads give us a really good global perspective on the effect of Bitcoin and this is another must read for those interested in the global implications of Bitcoin.
Lyn Alden shows why Bitcoin’s energy use is not a problem. This is a thorough debunking of the ESG narrative around Bitcoin and she doesn’t skip any details. She covers the why, the how, layers above Bitcoin and of course, how Bitcoin uses energy no one else uses. She’s always been a very clear thinker and her explanations are likewise very clear. Though I hope the ESG narrative dies a horrible, bloody death, I suspect that this is an argument we’ll need to make continuously for the next 10 years.
Shawn Dexter has an article on how Bitcoin is an escape from the current oppressive system. The article starts from first principles about the emergence of private property to government, taxes and inflation. The article makes clear where things went wrong and how Bitcoin can fix private property. There is an undercurrent of two worlds starting to form, one fiat and one Bitcoin and this article suggests that we’re starting to come to that. Where that goes is something worth pondering.
Chinese miners are venue shopping. This is not a surprise as they have a lot of very valuable property. Given the regulatory certainty in Texas and Governor Abbott basically inviting disaffected miners in, Texas looks to be a big beneficiary of the jobs and economic activity that comes along with the establishment of mining. As people like me have been predicting for years, the hash rate will go to the jurisdictions that are most favorable for them and it wasn’t going to be China’s permanently. We’re seeing this play out in real time.
Jason Lowery makes the argument for how Bitcoin is mutual assured preservation. His argument that the military is a form of proof-of-work for any currency makes a lot of sense. The biggest guns essentially get to decide what property rights each person has. Proof-of-work is much more peaceful and creates incentives to preserve one another rather than go to war. I found the analogy to have a lot of truth in it and gives perspective on the cost of property rights for a society.
Bitcoin is making waves in the political arena.
Will Bitcoin put the third world in leadership positions going forward?
Congrats to Jon Atack who’s receiving a grant from HRF and Compass Mining.
Politics as we know it is likely over on a Bitcoin standard.
Bosworth makes $4500/month routing Lightning payments.
The Programming Blockchain seminar is in London on October 9-10 and Atlanta on November 2-3. This is a 2-day seminar for programmers to learn about Bitcoin. You can apply here. I also have a few scholarships available for those that can’t afford it.
On this week’s Bitcoin Fixes This, I talked to Scott Horton about the military industrial complex and the US foreign policy since 1979 that led us to seemingly endless military intervention in the Middle East. I read through last week’s newsletter which you can find here.
I was on the Jason Cavness show to talk Bitcoin.
Unchained Capital is a sponsor of this newsletter. I am an advisor and proud to be a part of a company that’s enhancing security for Bitcoin holders. If you need multisig, collaborative custody or bitcoin native financial services, learn more here.
Fiat delenda est.